If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

I'd still double-check on DNS. I know that it sounds funny, but you'd be surprised at how many wieird things crop up with DNS problems. It only takes a couple of minutes to check too.

First things first. Make sure that your DC is set to the correct DNS server (I'm assuming that it's going to be the localhost here). Also, after starting the DNS console, right click on the server, go to the logging tab (I think it's the logging tab) and run both simple and recursive queries. If they test OK, you should be good to go.

One of your netlogon errors seems to indicate that you rebuilt the domain at some point. Is this correct?

Heh, I'm buggered. Without looking at the machine, it's difficult to troubleshoot.

If you use the GPO management tool (the new one for Win2k3), it makes it easier to determine the permissions in effect on a certain policy as well as exactly who they apply to. Are you able to find out what the two denials are set for and at what level they apply? Determining how to do this would be the first thing that I did.

Of course, I'm assuming that you've logged on with a domain admin logon and that you're the only domain admin. It isn't possible that someone made a change without your knowledge, is it?

Yes i am the only Domain admin and no other domain user could change these settings, and yes i have installed that new Group Policy Mangement tool for windows 2003 and i am looking through it. What i need to know is that why that Blue icon with ! sign is with my Domain seems something missing.

One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

Since this appears important to solve quickly, I will point out what I noticed.

( be forewarned, I know dick about a DC )

refering to COMPUTER2

However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.

( emphasis added )

not getting proper credentials after domain was reconfigured?

The master browser has received a server announcement from the computer COMPUTER1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F8FB0E1A-7C4B-4401-A3. The master browser is stopping or an election is being forced.

what is COMPUTER1 ?

Do you routinely see this or is this something new?

Is this a new machine or has it been recently reconfigured?

As I understand it, errors such as this could be caused by XPpro machines not properly configured to mind their own business ( routine ), or by improper subnet masks on a machine, or something else.

What happens when COMPUTER1 is taken off-line?

When was the last time updates were applied ( relative to this problem )?

Also, you had questioned the mention of time. From what I understand, if the times on the machines do not correlate closely when a DC is involved, rejection is the result.

Did searching through logs of clients reveal anything?

Sorry FanacooL, this is a stab in the dark for me. Hopefully, I a least sparked a thought for a solution.

" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

OK Fanacool. Let's start sorting this mess out. I'll go by each Event ID and see what I can figure out here.

Event ID 12 (W32 Time) - This error is basically saying your PDC Emulator is setup to look for a time source from a computer that's higher than it, in your domain. If you don't care that this computer (your DC) is your time source for your domain, then no worries. Otherwise, you'll need to configure this computer to retrieve time from an external NTP server. Either way, it's your choice.

Event ID 8003 (MRxsmB) - This event ID has eluded me as to its cause more than once. Check your subnest mask on the computer generating this error and make sure that it is correct in relation to your network configurations. Outside of that, it could be a couple other things. Let me know. You may also want to try and disable the Computer Browser service. As I recall, the PDC Emulator is usually the Computer Browser and clients connected should not have the service enabled? It's been awhile so anyone correct me if I am wrong.

Event ID 5513 (Netlogon) - This error message could be attributed to the computer account information not matching the information on the authenticating domain controller. You may need to reset the account via Active Directory. You should be able to do this by right-clicking on the computer that is generating the error and select "reset account". Also, are you attemtping to join Windows XP SP2 machines? Make sure the firewall is turned off on the XP machine and rejoin it to the domain. Here is Microsoft's Solution to this error.

Event ID 1056 (DHCP) - As I am not familiar with this error, I can only direct you elsewhere. Here is Microsoft's Solution to this issue.

Event ID 1030 (Userenv) - I have had this error a few times and used Microsoft's Solution to fix it. In my case, it was the DFS client causing the error.

Let's start here and see where we go.

The object of war is not to die for your country but to make the other bastard die for his - George Patton

I was a little sick and couldn't check the things...... I did follow few things on saturday here's the updates.

Event ID 12 (W32 Time) Did not bother to look into it as its not an alarming thing.

Event ID 8003 (MRxsmB) Network Configuration on the system is fine, regarding the computer browser service I am not clear about that I haven't been told by anyone that this should be disable on the Client end.

Event ID 5513 (Netlogon) I am quite aware of this issue, I need to re-join the client on the Domain but since i am having issues with AD group policy so i can't join anyone on the Domain and gets the same message i get when i try to open the group policy object.

Event ID 1030 (Userenv) Should I be applying this on Client as nothing happen after applying on the server.

Spyrus

I have already tried to delete the GPO but i get a message "SERVER IS UNWILLING TO PROCESS THE REQUEST"

One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

I have came across a very good document relating to this isseue and upon working on the steps i have managed to open the group policy Object but still users are not able to re-join the domain and get access to the server share.

Also if I try to change the GP Object or any other setting in the GPO i get the attached error message.

One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!